IoT Attacks, Hacker Motivations, and Recommended Countermeasures
emnify
Businesses worldwide spent $1.5 billion on IoT security in 2019. When it comes to connecting devices via cellular IoT, the selling point is typically the data and derived insights – this is where the customer sees real value, more so than in any security benefits. That said, IoT solution providers that do not take security measures into consideration risk significant revenue and reputation loss in the event of a security breach – both for their own business and for their customers' businesses.
In the worst cases, the harm done by one security breach will far outweigh any previously created customer value. IoT connectivity providers that can explain and demonstrate their security concepts will gain a competitive advantage.
IoT attacks increased by 900% in 2019. So, why are hackers increasingly targeting IoT devices? There are several explanations:
The criminal businesses mentioned above are typically set up as ordinary businesses and are especially relevant in the IoT domain. Their objective is to gain control over a large number of IoT devices and make money out of them, often in one of the following ways:
The most common IoT attack today is the Mirai malware, which originated in 2016. The malware scans the public internet for IoT devices and tries to establish a remote telnet connection using a list of common factory default usernames and passwords. As soon as one device is infected, the malware begins scanning for more victims. All infected devices become part of the Mirai botnet, which is then steered through the attacker's command and control center. The attackers then execute a DDoS attack against a target destination, on behalf of their customers, in order to take down the victims' servers.
The Stuxnet computer worm was first uncovered in 2010. The malware first infects Microsoft Windows machines by exploiting zero-day vulnerabilities or outdated OS versions; initially it spread over USB flash drives. On the Windows machine it looks for the Siemens Step7 software that controls the Siemens programmable logic controller (PLC). With the Step7 software it then installs itself on the IoT device and takes over control. Stuxnet once targeted Iranian facilities and reportedly severely harmed the Iranian atomic program.
While Brickerbot was discovered in 2017 and Silex appeared in 2019, they have a common attack pattern. Like Mirai, the software scans the public internet and tries to log in to the IoT device with default and weak login and password combinations. After infection, the software overwrites all data and deletes the network configuration, which makes the IoT device unusable unless someone can physically get their hands on the device.
As seen in the Stuxnet attack, IoT devices in the same network as other machines can be impacted by the vulnerabilities of those other machines. To avoid this, using a dedicated network infrastructure is recommended, instead of using shared LAN or Wi-Fi networks. Alternatively, using cellular communication that separates the communication of the different machines is also preferred.
The Mirai and Silex / Brickerbot malware show the value of having random and unique log-in credentials for the different devices – this could have prevented the above-mentioned attacks. While the devices allowed for remote access by their owners, the access was granted via the unsecured public internet. A more secure way to get remote access to IoT devices is to use IPSec or Intra-Cloud Connect, avoiding exposure to the public internet.
One way to prevent attempts to steal remote access to IoT devices, as well as completely block attacks, is to use a cellular firewall. With a cellular firewall, devices are only permitted to communicate with a defined subset of IP addresses. The firewall itself is not located on the individual devices, rather on the cellular connection – out of the attacker's control.
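The allowlist idea behind such a firewall can be sketched in a few lines. The following Python is an added example, not emnify's implementation: it applies an assumed allowlist to constructed flow records and flags any device whose blocked traffic looks like the telnet scanning described for Mirai. The networks, device names, ports and threshold are all illustrative assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed allowlist: the only networks devices may reach (documentation ranges).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "203.0.113.10/32")]
TELNET_PORTS = {23, 2323}   # telnet and a commonly used alternate telnet port
SCAN_THRESHOLD = 3          # distinct blocked telnet targets before flagging (assumed)

# Constructed flow records: (device_id, destination_ip, destination_port).
SAMPLE_FLOWS = [
    ("meter-01", "198.51.100.5", 8883),
    ("meter-01", "203.0.113.10", 443),
    ("cam-07", "198.51.100.5", 8883),
    ("cam-07", "192.0.2.14", 23),
    ("cam-07", "192.0.2.77", 23),
    ("cam-07", "192.0.2.130", 2323),
    ("pump-03", "192.0.2.200", 443),
]

def is_allowed(dst_ip):
    """True if the destination falls inside an allowlisted network."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in ALLOWED_NETS)

def evaluate(flows):
    """Return (blocked flows, devices whose blocked traffic resembles telnet scanning)."""
    blocked = []
    telnet_targets = defaultdict(set)
    for device, dst, port in flows:
        if is_allowed(dst):
            continue
        blocked.append((device, dst, port))
        if port in TELNET_PORTS:
            telnet_targets[device].add(dst)
    scanners = sorted(d for d, t in telnet_targets.items() if len(t) >= SCAN_THRESHOLD)
    return blocked, scanners

if __name__ == "__main__":
    blocked, scanners = evaluate(SAMPLE_FLOWS)
    for device, dst, port in blocked:
        print(f"DENY {device} -> {dst}:{port}")
    print("devices to investigate:", scanners)
```

Because the policy is evaluated off-device, a compromised device cannot reach new victims or its command and control center, and the denied flows themselves become a signal that the device needs attention.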
While the excitement surrounding the brimming potential of IoT connectivity is understandable – and warranted – overlooking IoT device security can prove catastrophic. A robustly secured IoT solution is one that can safely scale globally, enable groundbreaking solutions, and last for years to come.